<?php

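	// Confirm a user account.
	//
	// Runs only when the confirmation form was POSTed. Collects the confirmation
	// id, username and password, checks them against the users table and, when
	// they match, sets active = 1 for that user. Feedback for the page is pushed
	// onto $message as ready-made HTML paragraphs (fixed strings only, never
	// user input).
	//
	// NOTE(review): the confirmation id is md5(username), so it can be derived
	// from the username alone and does not show that the confirmation email was
	// received. A random token stored server-side at registration would be
	// needed for that; the code that builds the email is not visible here.
	//
	// NOTE(review): passwords are matched as unsalted MD5. That is not suitable
	// for password storage; moving to password_hash()/password_verify() needs a
	// coordinated change in the registration and login code, not visible here.
	if(isset($_POST['submit'])) {

		// connect to db
		// presumably defines $db as a PDO handle (query()/exec() were called on it) - confirm in db.php
		require_once '../db/db.php';

		$error    = false;
		$c_id     = null;
		$username = null;
		$password = null;

		// NOTE(review): FILTER_SANITIZE_STRING is deprecated since PHP 8.1 and is
		// neither an SQL nor an HTML defence. It is kept only so these values stay
		// identical to what the rest of the application (not visible here) stores
		// and hashes; the queries below no longer rely on it.

		// check for confirmation id
		// is_string() rejects array input such as c_id[]=x, which filter_var() would turn into false
		if(!empty($_POST['c_id']) && is_string($_POST['c_id'])) {

			$c_id = filter_var($_POST['c_id'], FILTER_SANITIZE_STRING);

		}else{

			$message[] = '<p class="error">Please use the link from your confirmation email to finalize your account.</p>';
			$error = true;

		}

		// check for username
		if(!empty($_POST['username']) && is_string($_POST['username'])) {

			$username = filter_var($_POST['username'], FILTER_SANITIZE_STRING);

		}else{

			$message[] = '<p class="error">Please enter your username.</p>';
			$error = true;

		}

		// check for password
		if(!empty($_POST['password']) && is_string($_POST['password'])) {

			$password = filter_var($_POST['password'], FILTER_SANITIZE_STRING);

		}else{

			$message[] = '<p class="error">Please enter your password.</p>';
			$error = true;

		}

		// Only query the database when every field was supplied. Previously the
		// lookup ran with undefined variables, and a successful lookup reset
		// $error to false, discarding the failures recorded above.
		if($error == false) {

			// check that md5 of username and c_id match
			// strict comparison: with == two different "0e<digits>" strings compare equal as numbers
			if($c_id === md5($username)) {

				// check password
				// placeholders keep the submitted values out of the SQL text
				$row  = false;
				$stmt = $db->prepare('SELECT user_id, username, password FROM users WHERE username = ? AND password = ?');

				if($stmt && $stmt->execute(array($username, md5($password)))) {

					// fetch() returns one row; fetchAll() returned a list, so ['user_id'] was never set
					$row = $stmt->fetch(PDO::FETCH_ASSOC);

				}

				if($row) {

					$uid = $row['user_id'];

				}else{

					$message[] = '<p class="error">Please check your username and password and try again.</p>';
					$error = true;

				}

			}else{

				$message[] = '<p class="error">Cannot confirm your account. Please check your username and password and try again.</p>';
				$error = true;

			}

		}

		// update db
		if($error == false) {

			$stmt = $db->prepare('UPDATE users SET active = 1 WHERE username = ? AND password = ?');

			// exactly one changed row counts as success, as before
			if($stmt && $stmt->execute(array($username, md5($password))) && $stmt->rowCount() == 1) {

				$message[] = '<p class="success">Thank You! You may now <a href="/">login</a> and start using At Bat.</p>';
				// TODO: create getting started tutorial
				// user should be moved to this & guided 
				// through their first game

			}else{

				$message[] = '<p class="error">Unable to confirm account at this time. Please try again later.</p>';

			}

		}

	}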

?>
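<!DOCTYPE html>
<html lang="en">
<head>
    <base href="http://localhost/atbat/html/" />
	<meta charset="utf-8">
	<title>AtBat :: Confirm Your Account</title>
	<meta name="description" content="">
	<meta name="author" content="Sean Mullin, http://parametercontraption.com">
	<!--  Mobile Viewport Fix j.mp/mobileviewport & davidbcalhoun.com/2010/viewport-metatag -->
	<meta name="viewport" content="width=device-width; initial-scale=1.0; maximum-scale=1.0;">
	<link rel="shortcut icon" href="images/design/favicon.ico">
	<link rel="apple-touch-icon" href="images/design/apple-touch-icon.png">
	<link rel="stylesheet" href="css/screen.css">
	<!-- For the less-enabled mobile browsers like Opera Mini --><link rel="stylesheet" media="screen" href="css/slideLock.css">
    <script src="js/modernizr-1.5.min.js"></script>
</head>
<body>
	<?php require_once 'include/header.html'; ?>
    <section id="content">
    	<h1>Confirm Your Account</h1>
        <?php
        	// Show the form only when the link carried a non-empty, scalar
        	// ?confirm= value; is_string() rejects array input such as confirm[]=x.
        	if(isset($_GET['confirm']) && is_string($_GET['confirm']) && !empty($_GET['confirm'])) {

        		// Both values below come from the request and are written into
        		// HTML attributes, so they are escaped for that context before output.
        		$form_action = htmlspecialchars(isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '', ENT_QUOTES, 'UTF-8');
        		$confirm_id  = htmlspecialchars($_GET['confirm'], ENT_QUOTES, 'UTF-8');
        ?>
        	<?php
        		// $message entries are fixed HTML strings built by the POST handler
        		// above, with no user input in them, so they are printed as-is.
        		if(isset($message)) { foreach($message as $m) { print $m; } }
        	?>
        	<form action="<?php echo $form_action; ?>" method="post">
            	<fieldset>
                	<legend>Account Confirmation</legend>
                    <input type="hidden" name="c_id" value="<?php echo $confirm_id; ?>" id="c_id" />
                    <p><label for="username">Username:</label><input type="text" name="username" id="username" required /></p>
                    <p><label for="password">Password:</label><input type="password" name="password" id="password" required /></p>
                    <input type="submit" name="submit" value="Confirm" id="submit" />
                </fieldset>
            </form>
        <?php }else{ ?>
        	<p class="error">Please follow the link in your confirmation email first.</p>
            <!-- TODO: create a form if the user didn't receive/lost confirmation email -->
        <?php } ?>
    </section>
    <?php require_once 'include/footer.html'; ?>
</body>
</html>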